Computer Networks

Wireless Security (8.6.4)


David Wetherall (djw@uw.edu) Professor of Computer Science & Engineering

Topic
Securing wireless networks
Focus on 802.11

[Figure: Alice, Network, Bob]

Goal and Threat Model


Unlike wired, wireless messages are broadcast to all nearby receivers
Don't need physical network access
Heightens security problems

[Figure: Alice, Bob, Eve/Trudy]

Goal and Threat Model (2)


Two main threats:
1. Eavesdropping on conversations
2. Unauthorized access to network

We'll consider 802.11 setting
Assume external attacker can send/receive wireless messages

802.11 Security
Security is based on passwords
For access control and confidentiality and integrity/authenticity

802.11 standard (1999) used WEP
For Wired Equivalent Privacy
Badly flawed, easily broken

802.11i standard in 2004
WiFi Protected Access or WPA2
This is what you should use

802.11 Security
Security is part of 802.11 protocol
Encrypted message between client and AP; removed after AP
[Figure: Client and AP protocol stacks (HTTP, TCP, IP, 802.11); contents of 802.11 frame (IP, TCP, HTTP) are encrypted with WPA2]

Home Network
AP is set up with network password
Each client also knows password
Client proves it knows password
AP grants network access if successful

[Figure: Client, AP, Internet]

Home Network (2)


For access, client authenticates to AP
Both compute a shared session key based on the password
If client knows the session key it has proved that it has the password

For usage, client/AP encrypt messages
For confidentiality, integrity/authenticity
No access without the session key
Also group key for AP to reach all clients

Home Network (3)


Master key is from password; nonces for freshness
KS lets client talk to AP; KG lets AP talk to all clients
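
The derivation on this slide, as an added example that is not part of the original slides: both sides turn the password into a master key, mix in fresh nonces to get the session key KS, and the client proves it knows the password by authenticating a handshake message with KS. The PBKDF2 and PRF details follow the WPA2-PSK key hierarchy of 802.11i rather than anything stated on the slide; the SSID, MAC addresses and the handshake message body are constructed, and the message is a simplified stand-in for the real EAPOL frame.

```python
import hashlib
import hmac
import os

def master_key(password: str, ssid: str) -> bytes:
    # Master key from the password: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds.
    return hashlib.pbkdf2_hmac("sha1", password.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    # 802.11i PRF: HMAC-SHA1(key, label || 0x00 || data || counter), concatenated.
    out, counter = b"", 0
    while len(out) < nbytes:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, block, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def session_key(mk: bytes, ap_mac: bytes, client_mac: bytes,
                anonce: bytes, snonce: bytes) -> bytes:
    # KS mixes the master key with both addresses and both nonces (freshness).
    # Sorting each pair lets AP and client build the identical input.
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(mk, b"Pairwise key expansion", data, 48)

def mic(ks: bytes, message: bytes) -> bytes:
    # The first 16 bytes of KS are the key that authenticates handshake messages.
    return hmac.new(ks[:16], message, hashlib.sha1).digest()[:16]

def handshake(ap_password: str, client_password: str, ssid: str = "ExampleNet"):
    # Constructed values: SSID, MAC addresses and the message body are samples.
    ap_mac, client_mac = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    anonce, snonce = os.urandom(32), os.urandom(32)  # fresh nonce from each side
    # Client: has seen ANonce, derives KS, replies with SNonce plus a MIC.
    ks_client = session_key(master_key(client_password, ssid),
                            ap_mac, client_mac, anonce, snonce)
    msg = b"simplified handshake message 2" + snonce
    tag = mic(ks_client, msg)
    # AP: derives KS from its own copy of the password and checks the MIC.
    ks_ap = session_key(master_key(ap_password, ssid),
                        ap_mac, client_mac, anonce, snonce)
    return hmac.compare_digest(tag, mic(ks_ap, msg)), ks_ap, ks_client

if __name__ == "__main__":
    print(handshake("correct horse", "correct horse")[0])  # same password
    print(handshake("correct horse", "wrong guess")[0])    # different password
```

In the real handshake the AP then delivers the group key KG to the client, protected under another part of KS.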


Enterprise Network
Network has authentication server
Each client has own credentials
AP lets client talk to auth. server
Grants network access if successful

[Figure: Client, AP, (wire) Network, Auth. Server]

END
2013 D. Wetherall
Slide material from: TANENBAUM, ANDREW S.; WETHERALL, DAVID J., COMPUTER NETWORKS, 5th Edition, 2011. Electronically reproduced by permission of Pearson Education, Inc., Upper Saddle River, New Jersey